CVE-2012-3450
Published: Aug 6, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash (mailing-list, x_refsource_MLIST)
DSA-2527 (vendor-advisory, x_refsource_DEBIAN)
http://www.php.net/ChangeLog-5.php (x_refsource_CONFIRM)
[oss-security] 20120802 CVE Request: php5 pdo array overread/crash (mailing-list, x_refsource_MLIST)
https://bugs.php.net/bug.php?id=61755 (x_refsource_CONFIRM)
20120610 [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation (mailing-list, x_refsource_BUGTRAQ)
MDVSA-2012:108 (vendor-advisory, x_refsource_MANDRIVA)
USN-1569-1 (vendor-advisory, x_refsource_UBUNTU)
https://bugzilla.novell.com/show_bug.cgi?id=769785 (x_refsource_CONFIRM)
SUSE-SU-2012:1033 (vendor-advisory, x_refsource_SUSE)